Inhealthcare Ltd

Digital Health Platform

Inhealthcare's digital health platform allows clinicians to automate monitoring, self-care, behavioural change and create virtual wards using a range of patient communication tools. Partners can integrate their own products and services. We are clinician and patient led in everything we do, focusing on real NHS problems rather than technology.

Features

• Hosted in the NHS secure network (HSCN)
• Patient services accessible by over 99% of the population
• Integrated with GP and hospital clinical systems
• One-click patient referral from GP systems
• Direct upload of patient results into patient's health record
• Integrated with NHS national patients systems
• Flexible, digital pathway engine
• Services designed by the NHS
• Device agnostic
• Customisable digital pathways

Benefits

• Ensures patients data is safe and accessible by clinicians
• Inclusive and bridges the digital divide
• Enables an integrated, paperless NHS
• Less time on paperwork, more time with patients
• Gives clinicians full visibility of a patient's health
• Support NHS England Strategic initatives
• Allows clinicians to create new services from scratch
• Triaged list of patients and the ones requiring support
• Step and step down of patients based upon their needs
• Better outcomes for patients and savings for NHS providers

£1.00 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie.innes@inhealthcare.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

479945995811645

Contact

Jamie Innes
01423 510 681
jamie.innes@inhealthcare.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Inhealthcare’s solution is entirely based on a Software as a Service (SaaS) cloud model so customers receive all future updates immediately and the software will be updated automatically. ; ; Inhealthcare performs updates to its SaaS cloud platform on a monthly basis and will perform all changes within this change window. Customers are notified of the change window ahead of the change window and all changes are performed out of hours so that there is no impact to clinicians and minimal impact to patients.
• System requirements:
  • NHS Network (HSCN) recommended
  • TLS 1.2 as a minimum for connection
  • Inhealthcare Desktop application requires .NET 4.7 Framework or higher
  • Browser requires Web RTC for video conferencing

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Inhealthcare core support hours are Mon-Fri, 08.00 – 18.00, including bank holidays. ; ; The Support Team are based in Harrogate, North Yorkshire and Inhealthcare currently operates an out of hours on call support desk to deal with any Priority 1 incidents outside of core Service Desk hours.; ; The Inhealthcare Service Desk has first, second and third line teams that provide responses to customer queries and issues depending upon the nature of the service desk item raised. ; ; We provided authorised individuals with access to a knowledgebase of information that they can access prior to creating tickets with the Inhealthcare Service Desk.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As part of Inhealthcare's service all customers receive access to Inhealthcare's 24x7/365 service desk at no extra cost. ; ; Customers will also have access to an account manager who will be their main point of contact in the event they have any escalations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the service we can supply on-site training for the desired customer staff and the associated roles. As part of the solution we will provide all user guides/documentation for the initial roll out. Any subsequent updates to documentation will be performed in line with the change management policy and we will provide soft copies of these documents to the customer ahead of any software updates. ; ; As part of the implementation planning we will work with the respective personnel assigned by the customer to ensure that the training approach meets the requirements of the customer and that it covers all of the areas of the solution. We have expert trainers and will tailor the training approach to provide a combination of train the train and group training sessions to ensure that the customers users are proficient in the solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Inhealthcare will work with the customer to produce an Exit Plan detailing the process to exit from the services supplied in a timely and orderly manner. The exit plan will detail the following responsibilities:; - Agreeing a time and date for the Services to cease;; - Allowing to continue using the Services, including permitting the transfer of Data to customer or a replacement supplier prior to cessation of services subject to the continued payment of the charges and such period may continue beyond the end of the Initial Term if required for a period to be agreed between the parties;; - Providing the services and access to the data whilst there are any existing End User monitoring episodes actively in use; and; - Ceasing the Services at the agreed time on the agreed date.; ; Inhealthcare will not be obliged to disclose any confidential information to the customer or replacement supplier, or to transfer any assets, contracts, employees or third party licences.; ; Inhealthcare will provide a and copy and inventory of all data relating to the services that is under the control of the Inhealthcare and details of the data structures in which the Customer Data is stored.
• End-of-contract process: If, at the end of the contract, the customer decides that Inhealthcare will continue to store data for archiving purposes instead of being transferred to the customer, this will be covered in a subsequent Service Agreement and the commercials will be agreed at the time of that Service Agreement.; ; In the scenario where the end customer does not wish to continue with a subsequent service agreement with Inhealthcare, a copy of the data will be transferred to the end customer. Once this has been received Inhealthcare will put the data beyond use.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The only difference between the mobile and the desktop service is that users will not be able to perform any integration with GP systems if they are on a mobile device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface allows local administration teams to manage their user base and organisation setup. The interface allows for the configuration of services within their specific organisation.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: No testing of the software has been completed with users of assistive technology.
• API: Yes
• What users can and can't do using the API: The Inhealthcare solution provides RESTful and SOAP based web service interfaces over HTTPS to enable application to application communications. ; ; The web services support a number of different authentication and authorisation options including BasicAuth, OAuth2 and mutual SSL certificate based authentication.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As part of the service setup and configuration it is possible to tailor specific elements of the digital health platform to be specific for each customer. For example, it is possible to tailor the flow of information between clinicians and patients and make it unique for your organisation or service. ; ; It is possible for either the customer to complete this customisation or alternatively Inhealthcare can complete it on behalf of the customer during the setup process.

Scaling

• Independence of resources: Inhealthcare has monitoring and alarms in place on its SaaS platform to ensure that it has sufficient capacity and resources to ensure that users are not experiencing any degradation in service because of other users.

Analytics

• Service usage metrics: Yes
• Metrics types: The reported outcomes are all stored into the data warehouse in real time, enabling both real time and historical data analyses. This facilities business intelligence to be performed across multiple dimensions of the data, and enables the measurement of KPIs, analysis of champion/challenger scenarios (such as those with and without medication), see trends over time, plus many other business intelligence tasks that support decision services across the wider health infrastructure.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Extraction of data is available to authenticated users and/or systems that have the correct RBAC access and data permissions. ; ; The solution provides a number of interfaces to enable data extraction, including SQL. Web services are also available for data extraction purposes.; ; Any user or system with the correct RBAC access and data permissions from the trust will be able to perform data extraction without any reliance upon Inhealthcare and at no additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Inhealthcare's service level agreement is 99.9% availability of the core system. The Core System is Inhealthcare’s server infrastructure and installed software located in Inhealthcare’s secure data centre.; ; Core System Availability is measured across a calendar month. 99.9% availability is, therefore, equivalent to no more than 44 minutes of system unavailability per month (rounded to the nearest minute) based on a calendar average of 43,800 minutes per month.; ; Core System Unavailability is identified by proactive fault detection by the Inhealthcare service management centre or when Inhealthcare acknowledges the Customer’s reported fault. ; ; Inhealthcare shall pay to the company service credits where Core System Availability is less than 99.9% availability. ; ; One service credit will be equal to one day’s Service Charges based on the average daily charge of the previous month’s total Service Charges invoiced. ; ; Core System Availability >Service Credits Payable; - ≥99.9% to 100.0%(maximum of 44 minutes)>0; - >99.0% to <99.9% (maximum of 7 hours 18 minutes)>1; - >98.0% to ≤99.0% (maximum 14 hours 36 minutes)>5; - >97.0% to ≤98.0% (maximum 21 hours 54 minutes)>10; - >96.0% to ≤97.0% (maximum 29 hours 12 minutes)>15; - >95.0% to ≤96.0% (maximum 36 hours 30 minutes)>20; - Less than 95.0% (> 36 hours 30 minutes)>30
• Approach to resilience: Regarding resiliency, the Inhealthcare platform is hosted within the Amazon Web Services (AWS) London Region. The design is spread across at least two availability zones, with enough network space provisioned within each zone to afford room for a full capacity stack should an incident in one available zone deny the use of the network space provisioned within it. Each availability zone is cross-connected with high capacity network links which provide low latency to components which may crosstalk between zones. Other networking components offered by AWS are leveraged with a view to resiliency, including NAT gateway, which is a highly scalable internet gateway used to access internet resources including patch servers and command and control (ECS) servers. Each component within the application stack is usually deployed with a minimum of two instances (for platform engine instances, this is currently 4 instances for user request traffic, and a further 3 instances for async message and event processing). AWS Elastic Loadbalancing is used to serve user traffic to these instances in a round-robin fashion. Faulty or unresponsive instances are detected automatically by AWS Elastic Loadbalancing, and are removed from service rapidly.
• Outage reporting: As part of its ISO 27001 accreditation Inhealthcare has fully documented and well rehersed business continuity and major incident policies. ; ; In the unlikely event that a major incident is invoked an incident manager will be responsible for managing all external communication with customers. Inhealthcare as part of its existing ISO 27001 and ISO 9001 accreditations has a major incident policy which details the processes to be followed in the event of a major incident. ; ; As part of the contract with the customer Inhealthcare will appointment a customer account manager who will be the central point of contact between Inhealthcare and the customer and will ensure that both parties confirm to their respective major incident policies.; ; Inhealthcare provides access to a Status Page for the Platform which provides updates and notifications in the event of a major incident affecting the Inhealthcare Platform. Users who are registered will automatically receive notifications from the Status Page in the event that this occurs and notifications are received by email but can also be driven by an API.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Inhealthcare ensures that as part of support and developments roles that users only have access to the systems that they require. In addition, certain access permissions are only opened for a limited time whilst activities such as upgrades or support investigations take place.; ; This ensures that users do not have access to potentially sensitive information or make changes without access being opened up by a senior operative.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 19/04/2024
• What the ISO/IEC 27001 doesn’t cover: Outsourced development controls are not applicable to our organisation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Inhealthcare are accredited by NHS Digital to connect to the HSCN network and our IGSoC score was 100%. We are also ISO27001, ISO 13485 & ISO9001 accredited and have maintained a DSPT Toolkit submission of Standards exceeded since 2021. Inhealthcare are Cyber Essentials / Cyber Essentials Plus certified and perform annual penetration testing through a CREST / CHECK accredited provider.; ; As part of our ISO 27001 and ISO 9001 accreditation we have wide range of supporting information security policies and processes. These are meticulously followed within the organisation and your security and compliance manager ensures that all staff go through induction and regular training to ensure compliance. ; ; Any security incidents are logged by the security and compliance manager and are reviewed at quarterly forum meetings where representatives from all over the business, including the CEO are present.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Inhealthcare performs updates to its SaaS cloud platform on a five week basis and will perform all changes within this change window. Customers are notified of the change window ahead of the change window and all changes are performed out of hours so that there is no impact to clinicians and minimal impact to patients.; ; Through the Inhealthcare change management process the customer will be made aware of upcoming upgrades and the content of the upgrade. In addition, the change window for the upgrade will be communicated to the customer.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Inhealthcare regularly performs patches to its services based on the recommendations of software manufacturers. ; ; We sign up to mailing lists from software manufacturers so that we can be made aware of potential threats and then perform an internal risk analysis to determine how quickly a patch needs to be deployed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Within its services Inhealthcare deploys different layers of monitoring to reduce the risk of compromises, including Firewalls with IDS / IPS and Anti-virus software. ; ; In the event a comprise was found Inhealthcare would invoke its major incident process to determine the extend of the compromise and from this the resulting actions which need to be undertaken.
• Incident management type: Supplier-defined controls
• Incident management approach: As part of its ISO 27001 and 9001 accreditation's Inhealthcare has a proven major incident process which ensures that all reported incidents are logged by service users from. In addition the policy ensures that incident reports are provided to users in the event of a major incident which details the root cause and the steps which have been undertaken to stop it occurring again in the future.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Inhealthcare delivers it's digital services through the use of AWS (Amazon Web Services) Cloud technologies. We work with AWS to ensure that we are running our cloud operations as efficiently as possible, reducing our electricity and carbon footprint accordingly. In addition, AWS are on path to powering their operations with 100% renewable energy by 2025 further reducing the impact of cloud operations on the climate.; ; Inhealthcare has a net zero plan and published carbon reduction plan which is available on Inhealthcare's website.

  Covid-19 recovery

  Inhealthcare has been heavily involved in supporting NHS organisations in recovering from COVID-19. Inhealthcare's services support its customers with management of appointment waiting lists and backlogs and support the freeing up of capacity within the NHS.

  Tackling economic inequality

  Inhealthcare's platform supports inclusivity and individuals who require access to digital health pathways but may not have access to smartphones and the internet.

  Equal opportunity

  Inhealthcare is an equal opportunity employer and we support a diverse workforce, promoting a good and harmonious working environment in which employees will be treated with dignity and respect.

  Wellbeing

  At Inhealthcare we promote employee wellbeing and ensure that employees have access to support, coaching and guidance in the event that they feel they require any additional support outside of the work environment.

Pricing

• Price: £1.00 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie.innes@inhealthcare.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.